package com.jihui.security.web.userdetails;

import org.apache.commons.lang3.StringUtils;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.web.access.AccessDeniedHandlerImpl;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Map;

/**
 * @author candy
 * @since 16/3/26
 */
public class RestAccessDeniedHandler extends AccessDeniedHandlerImpl {
    private String loginUrl;

    private String redirect;

    private String buyerCenterUrl;

    private String sellerCenterUrl;

    private String crmCenterUrl;

    public RestAccessDeniedHandler(String loginUrl, String redirect) {
        this.loginUrl = loginUrl;
        this.redirect = redirect;
    }

    public RestAccessDeniedHandler(String loginUrl, String redirect, String buyerCenterUrl, String sellerCenterUrl, String crmCenterUrl) {
        this.loginUrl = loginUrl;
        this.redirect = redirect;
        this.buyerCenterUrl = buyerCenterUrl;
        this.sellerCenterUrl = sellerCenterUrl;
        this.crmCenterUrl = crmCenterUrl;
    }

    @Override
    public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException, ServletException {
        String returnUrl = request.getRequestURL().toString();
        Map<String, String[]> params = request.getParameterMap();
        String queryString = "";
        for (String key : params.keySet()) {
            String[] values = params.get(key);
            for (String value : values) {
                queryString += key + "=" + value + "&";
            }
        }
        // 去掉最后一个空格
        if (StringUtils.isNotEmpty(queryString)) {
            queryString = queryString.substring(0, queryString.length() - 1);
            returnUrl = returnUrl + "?" + queryString;
        }

//        Principal principal = request.getUserPrincipal();
//        //无权限登录的情况
//        if (null != principal) {
//            Collection<GrantedAuthority> authorities = ((AbstractAuthenticationToken) principal).getAuthorities();
//            for (GrantedAuthority grantedAuthority : authorities) {
//                if (grantedAuthority.getAuthority().equals("ROLE_BUYER")) {
//                    returnUrl = buyerCenterUrl;
//                    break;
//                } else if (grantedAuthority.getAuthority().equals("ROLE_SELLER")) {
//                    returnUrl = sellerCenterUrl;
//                    break;
//                } else if (grantedAuthority.getAuthority().equals("ROLE_OPERATOR")) {
//                    returnUrl = crmCenterUrl;
//                    break;
//                }
//            }
//            response.sendRedirect(returnUrl);
//        } else {
//            //未登录，强制跳转到登录页
//            //判断登录是否包含重定向
//            String redirect = request.getParameter("redirect");
//            if (StringUtils.isNotEmpty(redirect)) {
//                returnUrl = redirect;
//            }
//            //如果强制定义跳转,以强制跳转为准,适用于卖家,卖家,平台等.
//            if (StringUtils.isNotEmpty(this.redirect)) {
//                returnUrl = this.redirect;
//            }
//            URLEncoder urlEncoder = new URLEncoder();
//            returnUrl = urlEncoder.encode(returnUrl);
////            response.sendRedirect(loginUrl + "?redirect=" + returnUrl);
//        }
        response.sendError(HttpServletResponse.SC_FORBIDDEN, "ACCESS DENIED");
    }

    public String getLoginUrl() {
        return loginUrl;
    }

    public void setLoginUrl(String loginUrl) {
        this.loginUrl = loginUrl;
    }
}
